Resubmissions
- 25/01/2025, 07:51  250125-jp628svlfk  10
- 25/01/2025, 07:47  250125-jmnswasrby  6
- 25/01/2025, 07:40  250125-jhj9wsspdv  10

Analysis
- max time kernel: 30s
- max time network: 37s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 25/01/2025, 07:40
Static task: static1
Behavioral task: behavioral1
- Sample: com.tencent.mm.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: com.tencent.mm.apk
- Size: 3.7MB
- MD5: e15906ac8b360aa6e7867fcbb2922089
- SHA1: 53555056dd2af1933b911ac8adc81a2f438216c1
- SHA256: 9eaabb6d9f532f9fa304a6826b269296d7ed7ebc404827eb99b3dec1f9bc2b89
- SHA512: d79083592e07fe78d3bfabe5989aab9e6eba61ee1632b724115e6170daaad84e9d58f42658aa2dabfa00fe6afa2c8c4b9390d924bde9c538dbddbb4a4a8157f2
- SSDEEP: 98304:jPR8//FcLJcwHCxZei/svO7LgJQYlcqPTwWVKQ/9Nx:rRy/K1cwix9svOuGqPTp3x
Malware Config (extracted)
- anubis: http://Google.com
Signatures
- Anubis banker
  Android banker that uses overlays.
- Anubis family
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.tencent.mm/app_mph_dex/classes.dex | 4529 | com.tencent.mm
  /data/user/0/com.tencent.mm/app_mph_dex/classes.dex | 4529 | com.tencent.mm
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.tencent.mm
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.tencent.mm
- Acquires the wake lock (1 IoCs)
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.tencent.mm
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.tencent.mm
- Performs UI accessibility actions on behalf of the user (1 TTPs, 4 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  ioc | Process
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.tencent.mm
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.tencent.mm
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.tencent.mm
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.tencent.mm
- Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTPs, 1 IoCs)
  description | ioc | Process
  Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | com.tencent.mm
- Requests enabling of the accessibility settings. (1 IoCs)
  description | ioc | Process
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.tencent.mm
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework API call | android.hardware.SensorManager.registerListener | com.tencent.mm
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description | ioc | Process
  Framework service call | android.app.job.IJobScheduler.schedule | com.tencent.mm
Processes
- com.tencent.mm (PID: 4529)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
  - Requests enabling of the accessibility settings.
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Download New Code at Runtime (1)
  - Foreground Persistence (1)
  - Hide Artifacts (2)
    - User Evasion (2)
  - Impair Defenses (1)
    - Prevent Application Removal (1)
  - Input Injection (1)
Downloads